[vlc-devel] vlc: svn commit r24345 (damienf)

Rafaël Carré funman at videolan.org
Thu Jan 17 15:06:10 CET 2008 

Le Wed, 16 Jan 2008 20:30:14 +0100 (CET),
Subversion daemon <svn at videolan.org> a écrit :

> r24345 | damienf | 2008-01-16 20:30:12 +0100 (Wed, 16 Jan 2008) | 18
> lines Changed paths:
>    M /trunk/include/vlc_configuration.h
>    M /trunk/modules/access_filter/record.c
>    M /trunk/modules/access_filter/timeshift.c
>    M /trunk/modules/audio_output/file.c
>    M /trunk/modules/demux/demuxdump.c
>    M /trunk/modules/demux/ts.c
>    M /trunk/modules/misc/logger.c
>    M /trunk/modules/stream_out/es.c
>    M /trunk/modules/stream_out/rtp.c
>    M /trunk/modules/stream_out/standard.c
>    M /trunk/src/config/chain.c
>    M /trunk/src/libvlc-module.c
>    M /trunk/src/misc/variables.c
>    M /trunk/src/modules/entry.c
> 
> vlc security: As i've seen very little improvement on that front,
> i've decided to check in my take on handling the problem of managing
> harmful options. I'm pretty sure this is going to be very
> controversial, but I think my approach is quite simple and yet very
> effective Anyway, my approach makes the following assumptions:
> 
> - most vlc options are considered safe, only a handful are
> particularily unsafe and need be declared as such in their definition
> (they mostly deal with writing to an output file or URL)
> - unsafe options are only considered potentially harmful when used as
> an input option, ie. the ':option' format. Configuration options are
> always considered safe 'i.e --option' 
> - unsafe options are associated with a global security policy, which
> dictates how these are handled. At the moment, The policy can be
> either block, allow or prompt, and is set using the
> '--security-policy' option (which itself is considered unsafe ;)
> 
> the policy can be set by the user at the command line or in the
> preferences, it curently defaults to prompt, which is the desirable
> state for deskop use. However, it can be overriden depending on
> context, for example, the activex and mozilla will force the
> security-policy to block regardless of preference settins.
> 
> the code is a bit rough at the moment, but i will optimize/clean it
> up if the dev community this approach is worth keeping.
> 
> try the following example, and you'll see quickly what i mean:
> 
> ./vlc -vvv <a
> mrl> :sout=#transcode{vcodec=mp1v,vb=1024,acodec=mpga,ab=192}:standard{mux=ts,dst=vlc-output.ts,access=file}"

When the user explicitely selected these options on the command line it
should be allowed (especially since rc interface doesn't have
interaction), and forbidden only when it happens behind user's back (in
m3u playlists, and browser plugins)

> Enjoy,
>    Damien
> 
> 
>  > http://trac.videolan.org/vlc/changeset/24345
> _______________________________________________
> vlc-devel mailing list
> To unsubscribe or modify your subscription options:
> http://mailman.videolan.org/listinfo/vlc-devel


-- 
Rafaël Carré
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
URL: <http://mailman.videolan.org/pipermail/vlc-devel/attachments/20080117/a3baeed5/attachment.sig>

More information about the vlc-devel mailing list